Skip to main content

Cilium

 


  • Cilium operates at L3/L4 to provide trasitional networking and security services
  • It also works at L7 to provide application level servies like gRPC, HTTP, Kafka
  • Cilium inserts itself in the kernel at
    • Network IO
    • Application Sockets and Tracepoints to implement security and visibility.
  • Intelligent Routing
    • Cilium can do more intelligent routing other than opening or blocking a port
      • Allow all HTTP requests with method GET and path /public/.*. Deny all other requests.
      • Allow service1 to produce on Kafka topic topic1 and service2 to consume on topic1. Reject all other Kafka messages.
      • Require the HTTP header X-Token: [0-9]+ to be present in all REST calls.
      • More examples of policies at https://docs.cilium.io/en/stable/policy/#layer-7
  • Service to Service Communication

Comments

Popular posts from this blog

It was a great experience to talk to a huge audience in Mumbai and Delhi about how to start your ML journey at Google Cloud Summit ’18 India
“ this is what 864GB of RAM looks like ” , from 37 signals http://37signals.com/svn/posts/3090-basecamp-nexts-caching-hardware